You probably already know that Artificial Intelligence (AI) and Machine Learning (ML) can power things like self-driving cars or your phone’s digital assistant. But did you know that AI & ML can also improve how we design and manage networks? Well, it can. Network AI is going to be an increasing security trend in the future and leveraging the power of AI & ML for this purpose is one of the many ways Cisco is bringing innovation to the world of network design.

Network AI: Incorporating AI into how you design networks

All networks do the same basic thing: they allow devices to exchange information with each other. However, there is an infinite variety of ways in which networks can be designed to perform that generic function. This is because customers have a variety of technologies, features, and solutions available to make their networks meet the needs of the business. Network design and network policies are the rules that define how devices are allowed to communicate with one another. This plays a critical role in guaranteeing availability, optimizing traffic flow, enforcing security rules, and so on.

Network policy and design challenges

Traditionally, network architects devised network configurations and policies manually based on changing requirements. These changes often included adopting new technologies: “Network AI,” for example, can leverage AI technology in dictating network policy and design. Before this technology, network design traditionally consumed much time and effort. This is because network design is typically a highly manual process that bridges a gap between operational and strategic concerns. 

The problem is that as your network grew, the more data there was to track—leading to greater complexity. Additionally, as networks scaled up it also became increasingly harder to ensure that the policies you deployed were still the most efficient, or even valid, at the increased scale. At the same time, analyzing network design was a very complex process. It often involved multiple stakeholders, who each had to weigh in on how network design impacted their parts of the organization. 

As more applications leverage the network directly, the environment gets more complicated and requires standards to maintain support. Policy drift, too, was a constant issue. Even if teams configured network policies consistently at first, those policies tended to become inconsistent over time due to requirements changes, staffing changes, break-fix scenarios and so on. Policy inconsistency added even more complexity to network design analysis, while also making it harder to troubleshoot problems and provide support to users.

A better approach: AI and ML-based network design

However, thanks to AI/ML and its ability to unlock the power data, a better world is now possible for network design and analysis. We’ve already noted how disruptive generative AI can be. Today, network architects can use AI/ML to analyze a variety of possible policy configurations, and then determine which ones are best suited to a given set of requirements. 

This data science approach means not just that engineers spend much less time parsing policies manually, but also that there is greater consistency in how both network and application policies are defined, and better alignment between network design and business needs. At the same time, AI/ML-based network design and analytics allow organizations to define and measure critical benchmarks that quantify the value of their network. Network AI and ML can, for example, measure time-to-deployment of new policies, or track how particular policies improve (or hinder) network security. 

Moreover, this data science and analytics approach unlocks immense creative design potential and even enables us to define entirely new and powerful metrics. For example, PVA (mentioned below) uses a (patent pending) complexity algorithm that determines which policies contribute to the overall complexity and supportability of the network. Last but not least, AI/ML also allows organizations to be proactive about improving network operations by updating policies. Engineers can automatically assess existing policies to find sub-optimal configurations. They can then update them to improve traffic flow, mitigate security risks, and so on.

Bringing network AI design innovation to the masses

At this point, you may be thinking: “Leveraging AI/ML to improve network design sounds great, but what if I don’t have data scientists on staff? Who’s going to build the models to help me optimize my network?” At Cisco, we’re currently working on several initiatives designed to help every business – not just large enterprises, build bespoke AI/ ML solutions for network design and management. This will enable them to bring the benefits of data science to bear on their network policies. These solutions are part of Cisco’s Business Critical Services (BCS) offerings.

Place in Network (PIN)

Place in Network is a machine learning model we’ve developed that predicts the functional role and business importance of devices within networks. In turn, it helps teams learn which devices to prioritize when remediating vulnerabilities based on how important a device is to the network and business. PIN also facilitates for our consultants a quicker time-to-learn an environment by highlighting the role of a device and its relative importance. When consultants make recommendations to customers or when insights are delivered via self-service portals, PIN adds another dimension of prioritization for remediation tasks and provides a little more context.

This means that, when you discover a security issue, PIN can tell you at a glance which devices are affected, and which ones you should isolate first via network policies. This ensures that you can protect mission-critical devices as quickly as possible, then work on addressing risks to other devices that are not as important to the business. Furthermore, the role of a device can often hint at potential attack vectors or where other compensating controls may have been put in place to minimize risk. For example, a security vulnerability that is focused on remote exploitation may be of higher risk to your internet edge devices, as opposed to your access layer switches that are behind multiple layers of security. PIN provides the ability to classify devices by role, which is especially powerful for devices that you may not otherwise be able to identify their function through hostname or product family alone. This enables you to classify actions based on importance - if you have a vulnerability, you can address the immediate risks and most impactful items first to minimize exposure.

Policy Variation Analysis (PVA)

Policy Variation Analysis (PVA) allows teams to take a statistical approach to understanding their network policies. It compares actual policies to policy standards in order to identify policies that have drifted from ideal configurations or that otherwise stand to be improved.

PVA provides visualizations so that analysts can see at a glance what network policy trends look like and detect outliers that may require attention. This also makes the visualization of policies, and potential impacts of policy decisions, easier to quantify through the use of a flow chart. PVA therefore enables users to directly combat the policy drift problem that was stated earlier. Users can quickly identify policies that are not deployed or configured to their standards and identify differences between policy variations. All of these factors work in unison to increase the network supportability by reducing the amount of drift and complexity in the environment. PVA equips organizations with a powerful tool to automatically mitigate the growing pains and complexity of large networks. In addition, it provides consultants a look into the strategies their customers utilize when it comes to policy management and deployment.

Design Builder

With Design Builder, you can automate design reviews and audits. Design Builder uses graph theory to create intelligent mappings of device relationships on the network in order to summarize design patterns and surface insights that engineers can use to improve design. With the topology and relationship information available in Design Builder, it takes less time to understand overall network architectures. It also makes it easier to track how different parts of the network map onto different business units or resources. For example, you can see how virtual network resources relate to specific physical sites, like a retail store or bank branch.

Configuration nanagement insights

A so-called 'golden template' is a Cisco-certified and standardized configuration for a device that can be confidently and securely applied to one or multiple devices across a network. Such a ‘golden template’ allows network devices to be brought up quickly and efficiently with a readily available vetted foundational configuration. Device-specific customization can obviously be made once the golden template has been applied to a device, but the template ensures that required network policies are configured correctly at a foundational level. 

Creating a ‘golden template’ is the holy grail for network designers and is often developed through hard-won experience and intense and time-consuming analysis of the install base. Configuration Management Insights alleviates all this and enables you to automatically predict the configuration templates for different network devices by learning the patterns of association of configuration snippets. This helps to establish a baseline that can be used to fine-tune, and kick-start the standardization journey. 

Configuration Management Insights also enables an on-demand audit capability that details how compliant the network is to your standards. The overall goal of this configuration standardization lead to more expected results. When devices are compliant with a known “golden” standard, they tend to be more supportable and less complex to troubleshoot. With Configuration Management Insights, you can put the struggle behind you. Using network analytics, the tool helps engineers set configuration standards based on their business’s requirements. The goal is to ensure that businesses use consistent, standardized policy rules that are tailored to their devices and organizational needs.

Network AI, ML, and the future of network design

As we’re previously noted, predictive AI is going to change how organizations run. Historically, optimizing network design and network policies required a tremendous amount of manual effort and customization. To the extent that automated solutions were available, they were usually high-touch, high-expertise, high-cost processes that had to be complemented with bespoke consultancy services. This means they were traditionally out of reach for all but the largest customers. AI/ML-based network design solutions from Cisco are changing this. Today, any business can digitize network design and policy optimization, making it easier than ever to ensure networks are tailored to business needs. 

Through this democratization, we are giving customers the power to act on previously complex or unknown “hidden” insights in an automated fashion. This empowers you to think deeper about design strategies and how design components affect the business. Learn more about how network design optimization supports the missions of Cisco Business Critical Services.